Securing access to one or more elements of a device

ABSTRACT

Aspects of the present invention include systems and methods include unique solutions for providing secure, selectable access to one or more functional elements of a device. In embodiments, a tab-lock system with moveable tab-locks can be positioned to block or allow access to functional elements of a device. In embodiments, the tab-lock system is configured so that when a locking device, such as a common Kensington lock, is locked to the device, the tab-locks settings cannot be changed. Such systems may be used to control the ability of individuals to physically access the interfaces of the device. Thus, such systems help secure an electronic device against inadvertent or malicious actions.

BACKGROUND

1. Field of Invention

The present invention relates generally to electronic devices, andrelates more particularly to having the ability to secure access to oneor more functional elements of an electronic device.

2. Description of the Related Art

Electronic devices—such as, by way of example and not limitation,networking devices—have become increasing more commonplace. Such devicesare located in various locations. These locations often have variedlevels of security. In some instances, the location of a device is verysecure. For example, a device in a server room or data center typicallyhas good security with restricted access to authorized personnel only.In such instances, it is very difficult for a third-party to gainphysical access to the device.

However, some devices are in locations that are less secure. Forexample, for small businesses, their networking equipment may be in openareas or less secure areas making it accessible to third parties. Or,some rack areas may be shared with multiple parties or multiple vendors.Since the space is shared, a device may be subjected to a third-party'sattempt to access or alter a device. For example, person may try toaccess a computer system via a USB interface.

Accordingly, what is needed are systems and methods that can providevaried levels of access to functional elements of a device or devices.

BRIEF DESCRIPTION OF THE DRAWINGS

Reference will be made to embodiments of the invention, examples ofwhich may be illustrated in the accompanying figures, in which likeparts may be referred to by like or similar numerals. These figures areintended to be illustrative, not limiting. Although the invention isgenerally described in the context of these embodiments, it should beunderstood that it is not intended to limit the spirit and scope of theinvention to these particular embodiments. These drawings shall in noway limit any changes in form and detail that may be made to theinvention by one skilled in the art without departing from the spiritand scope of the invention.

FIG. 1 depicts a partial front view with hidden lines of a deviceenclosure with a cover system/tab-lock system according to embodimentsof the present invention.

FIG. 2 depicts the cover system/tab-lock system of FIG. 1 in which oneof the tab-locks or access covers has been moved according toembodiments of the present invention.

FIG. 3 depicts a partial front view of a device enclosure with a coversystem/tab-lock system and a locking device according to embodiments ofthe present invention.

FIG. 4 depicts the cover system/tab-lock system of FIG. 3 in which thelocking device has been secured into position according to embodimentsof the present invention.

FIG. 5 depicts an exploded view of a cover system/tab-lock system andpart of an enclosure of a device according to embodiments of the presentinvention.

FIG. 6 depicts an interior view of a cover system/tab-lock systemmounted into a device enclosure according to embodiments of the presentinvention.

FIG. 7 depicts an alternate interior view of a cover system/tab-locksystem mounted into a device enclosure according to embodiments of thepresent invention.

FIG. 8 depicts a partial front view with hidden lines of a deviceenclosure with a cover system/tab-lock system and a locking deviceaccording to embodiments of the present invention.

FIG. 9 depicts a method for making a device with a cover/tab-lock systemaccording to embodiments of the present invention.

DESCRIPTION OF THE PREFERRED EMBODIMENTS

In the following description, for purposes of explanation, specificexamples and details are set forth in order to provide an understandingof the invention. It will be apparent, however, to one skilled in theart that the invention may be practiced without these details.Well-known process steps may not be described in detail in order toavoid unnecessarily obscuring the present invention.

Other applications are possible, such that the following examples shouldnot be taken as limiting. Furthermore, one skilled in the art willrecognize that aspects of the present invention, described herein, maybe implemented in a variety of ways.

Components, or modules, shown in the diagrams are illustrative ofexemplary embodiments of the invention and are meant to avoid obscuringthe invention. It shall also be understood that throughout thisdiscussion that components may be described as separate functionalunits, which may comprise sub-units, but those skilled in the art willrecognize that various components, or portions thereof, may be dividedinto separate components or may be integrated together, includingintegrated within a single system or component. It should be noted thatfunctions or operations discussed herein may be implemented ascomponents or modules.

Furthermore, connections between components within the figures are notintended to be limited to direct connections. Also, additional or fewerconnections may be used.

In the detailed description provided herein, references are made to theaccompanying figures, which form a part of the description and in whichare shown, by way of illustration, specific embodiments of the presentinvention. Although these embodiments are described in sufficient detailto enable one skilled in the art to practice the invention, it shall beunderstood that these examples are not limiting, such that otherembodiments may be used, and changes may be made without departing fromthe spirit and scope of the invention.

Reference in the specification to “one embodiment,” “preferredembodiment,” “an embodiment,” or “embodiments” means that a particularfeature, structure, characteristic, or function described in connectionwith the embodiment is included in at least one embodiment of theinvention and may be in more than one embodiment. Also, such phrases invarious places in the specification are not necessarily all referring tothe same embodiment or embodiments. It shall be noted that the use ofthe terms “set” and “group” in this patent document shall include anynumber of elements. Furthermore, it shall be noted that method steps maynot be limited to the specific order set forth herein; rather, oneskilled in the art shall recognize, in some embodiments, that more orfewer steps may be performed, that certain steps may optionally beperformed, and that steps may be performed in different orders,including being done some steps being done concurrently.

It should be noted that, for purposes of explanation, the presentinvention is explained in the context of network systems and devices. Itshould be noted that these examples are provided for purposes ofillustration and shall not be used to limit the present invention.Accordingly, the invention elements may be applied or adapted for usewith other devices or in other contexts.

As noted above, there is a need for devices, such as (by way of exampleand not limitation) network switches, that are equipped to providevarious levels of security when deployed in a non-controlled environmentwith multiple individuals having physical access to the device. Suchdevices typically have several interface accesses or openings that needto be protected and sometimes with different levels of security.

Accordingly, aspects of the present invention include unique approachesat providing hardware-based mechanisms to control software access andphysical access to various interfaces on an electronic device. Thus, acustomer can protect his or her data and investment by using selectabletab covers that block access to functional elements of the device. Dueto a need to granularly select each interface for allowing or blockingaccess according to the security or options that the customer wants togive others, embodiments of the present invention providing gatemechanisms to allow for each moveable gate, cover, or tab to be selectedthat actually blocks an interface opening. Then, in embodiments, thesetab options may be securely locked into place when a lockable device,such as a Kensington lock from Kensington of Redwood City, Calif., isinserted in an opening.

Turning to FIG. 1, depicted is a partial front view with hidden lines ofa device enclosure 190 with a cover system or tab-lock system accordingto embodiments of the present invention. As shown in FIG. 1, part of anenclosure 190 of a device is shown. The enclosure 190 includes aplurality of openings. These openings 115, 130, and 145 provide accessto functional elements or interfaces of the devices. For example, theopenings may provide access to interfaces or functional elements such as(by way of example and not limitation) USB ports, serial port, consoleport, power button, reset button, etc. FIG. 1 also depicts a set ofaccess covers or security covers 105, 120, and 135. These securitycovers may be moved into and out of position via a switch or finger-tab110, 125, and 140 (respectively). For example, the switch 110 has beenmoved into a position such that the cover 105 extends to cover theopening 115 to the function element that is normally accessible via theopening 115. Similarly, the switch 125 has been moved into a positionsuch that the cover 120 extends to cover the opening 130 to the functionelement, which may be, by way of example, a USB port. Note, however,that the switch 140 has been moved into a position such that its cover135 does not cover the opening 145 to the function element—therebymaking that functional element accessible via the opening 145.

Blocking access to a serial port/console port is beneficial because itessentially locks attempts to access the command line interface and thusstops malicious attempts to contaminate the local Ethernet network. Thissecurity is very important since multiple network elements may resideand function off this network, i.e. cash registers, gas pumps, phones,etc. Blocking access to a reset button stops unwarranted reloads orreboots. And, blocking access to a managed mode button stops people fromhaving the ability to change this switch to a managed/unmanaged switchand therefore ensures that the initial switch settings stay unchanged.Customer can also block access to a USB port (e.g., a mini-USB key) sothat no one else can insert a USB data device and try to downloadconfigurations or new images to the device.

It shall be noted that the depicted embodiment allows for access to eachfunction element to be separately selected. For example, FIG. 2 depictsthe cover system or tab-lock system of FIG. 1 in which one of thetab-lock or access covers, cover 120 has been moved according toembodiments of the present invention to allow access to interface 130.In alternative embodiments, one or more of the covers may be coupledsuch that selecting of one cover affects the opening or blocking ofaccess to another functional element or elements. For example, if oneswitch is selected, another switch may be linked to have the same oropposite configuration as the first switch.

Returning to FIG. 1, also depicted is a lock mounting feature 150comprising an opening configured such that when a locking device ismounted and locked to the enclosure 190, the tab-lock or covers 105,120, and 135 are prohibited from having their positions changed. Inembodiments, the locking device may be a cover or a cable lock, such asa Kensington lock.

FIG. 3 depicts a partial front view of a device enclosure 390 with acover system or tab-lock system and a locking device 300 according toembodiments of the present invention. In the depicted example of alocking device or cover 300, the locking device 300 may include a cable305 to secure the device to a structural element to make it moredifficult for someone to try to remove the device.

After the desired access levels to the functional elements has beenselected (by moving the switches to the desired positions to allow orblock access the openings to the functional elements or interfaces), alocking device (e.g., locking device 300 in FIG. 3) is locked into placeto securely cover an area (e.g., area 355) that blocks access to theswitches 310, 325, and 340 so that they cannot be moved to a differentposition. Thus, a customer may configure his/her switch and then usethis built-in tab-lock/cover system to fully secure his/her settings sothat unwanted access and changes cannot occur. It should be noted thatthis may also deter curious people who may attempt to access to thesedevices.

Additionally or alternatively, in embodiments, the locking device may beconfigured such that it mechanically prohibits the access covers frombeing able to be moved.

FIG. 4 depicts the cover system/tab-lock system of FIG. 3 in which thelocking device 300 has been secured into position according toembodiments of the present invention. Note that the locking device doesnot allow access to change the tab-locks but does not inhibit access tothe functional element/interface openings (e.g., 315, 330, and 345). Asshown in FIG. 4, due to the configuration set by the user prior tolocking the locking device 300 into place, the openings 315 and 330 arenot blocked, whereas opening 345 is blocked by the tab-lock/accesscover.

In embodiments, the cover system may also include a visual indicator tomake it easier to see that the opening is blocked. For example, thecover blocking the opening 345 may be colored red making it easy to seethat the opening is blocked.

Turning now to FIG. 5, depicted is an exploded view of an embodiment ofa cover system/tab-lock system and part of an enclosure of a deviceaccording to embodiments of the present invention. The coversystem/tab-lock system 505 comprises a tab-lock retainer 568 comprisingone or more mounts 570 for fixedly attaching the system 505 to anenclosure 590 of a device. In embodiments, the assembly 505 may beintegrated with the device.

In embodiments, the system 505 also includes one or more interfaceopenings (e.g., 524 and 544) that correspond or align with one or morethrough-holes (e.g., 574, 576, and 578) in the enclosure 590 when thetab-lock system 505 is fixedly attached to the enclosure. This alignmentof openings between the enclosure and the cover system 505 allowsphysical access to one or more interfaces/functional elements (e.g.,functional elements 526 and 566 on circuit board 572) of the device. Itshall be noted that alignment does not require strict alignment of theopenings (e.g., alignment of their centers) but rather that they arealigned or correspond such that physical access can be gained to thefunctional elements/interfaces.

In embodiments, the system 505 also comprises an access cover/tab-lock(e.g., tab-locks 510, 530, and 550) that are capable of being movedrelative to the through-holes (e.g., through-holes 574, 576, and 578) inthe enclosure when the tab-lock system 505 is fixedly attached to theenclosure to obstruct or to not obstruct access to an interface element(e.g., functional elements 526 and 566) via a through-hole (e.g.,through-holes 574 and 576, respectively). In the depicted embodiments,the covers or tab-locks slide, but it shall be noted that otherconfigurations and other movements may be used, including but notlimited to rotating and push buttons.

In embodiments, a tab-lock (e.g., tab-locks 510, 530, and 550) maycomprise a finger-tab (e.g., finger-tabs 516, 536, and 556,respectively) attached to or integrated with of the tab-lock to enable auser to more easily move the tab-lock into either a secured position inwhich the tab-lock obstructs access to the interface or an unsecuredposition to not obstruct access to the interface. In embodiments, whenthe system 505 is secured to the device, the finger-tabs 516, 536, and556 for the depicted tab-locks 510, 530, and 550 may be accessed viathrough-holes 580, 582 and 582 (respectively).

In embodiments, a tab-lock may also comprise an indicator that indicatesto a user when the access cover is blocking the opening to thefunctional element. For example, part or all of the tab-lock may bevividly colored so that when it is exposed as it blocks the opening tothe interface element, it is clearly visible to a user.

In embodiments, the system 505 includes a lock mounting featurecomprising an opening 525 configured such that when a locking device islocked to the enclosure, the tab-lock is prohibited from its positionbeing changed. In embodiments, this feature 525 aligns with athrough-hole 520 in the enclosure to allow a locking device to besecured to the device. Consider, by way of illustration, the embodimentdepicted in FIGS. 6 and 7.

FIG. 6 depicts an interior view of a cover system/tab-lock system 505mounted into a device enclosure 590 according to embodiments of thepresent invention. FIG. 7 depicts an alternate interior view of a coversystem/tab-lock system 505 mounted into a device enclosure 590 accordingto embodiments of the present invention. As shown in FIGS. 6 and 7, alocking device 605, such as (by way of example and not limitation) aKensington lock, when locked into place via lock tab 610 holds the lock605 tightly to the enclosure 590. When locked into position, the lock605 blocks access to the finger-tabs so that the tab-locks' positionscannot be changed. FIG. 8 depicts a partial front view with hidden linesof the device enclosure 590 with a cover system or tab-lock system 505and a locking device 605 according to embodiments of the presentinvention. Note that the locking device 605 blocks access to theswitches/finger-tabs 516, 536, and 556 so that they cannot be changed.Thus, access to the function element behind the opening 574 is blocked805 and will remain blocked unless a user has the ability to unlock thelocking device 605 and change that tab-lock's position.

Returning to FIG. 5, in embodiments, the tab-lock retainer 568 comprisesone or more guides (e.g., guide slots 514, 534, and 554) to provide alimitation in movement and alignment between the tab-lock retainer andthe tab-locks (e.g., tab-locks 510, 530, and 550, respectively). Thus,in embodiments, the tab-locks (e.g., tab-locks 510, 530, and 550) mayinclude mating guide features (e.g., rails or tabs 512, 532, and 552,respectively). It shall be noted that other guiding mechanisms orconfiguration may be used.

In embodiments, the tab-lock retainer 568 comprises one or more tab-lockretainer features or locators (e.g., detents 520 and 522) and thecorresponding tab-lock (e.g., tab-lock 510) comprises a mating tab-lockfeature or locator (e.g., detent 518). The one or more tab-lock retainerlocators may be in the form of a hole, groove, or other feature, andprovide one or more set locations in the retainer so that the tab-locklocator feature may be set to a specific location to secure or to allowaccess to an internal component. Also, such features may provide tactilefeedback to a user that the tab-lock is securely positioned in aselectable position.

Turning now to FIG. 9, depicted is a method for producing a device withsecurable access to a functional element in the device according toembodiments of the present invention. As depicted, the method comprisesassembling (905) a device comprising one or more functional elements,and each functional element having an opening in an enclosure for thedevice to facilitate access to the functional element from outside thedevice. The method also comprises the step of including with the devicea cover system that provides selectable access to the functionalelement. The included cover system may be integrated into the device ormay be a subassembly that is attached to the device. In embodiments, thecover system may be any of the cover systems/tab-lock systems discussedabove.

It shall be noted that the present patent document is directed tosecuring access to functional element/interface elements of electronicsystems, including but not limited to computers, network managementappliances, and/or information handling systems. One skilled in the artwill recognize that the present invention may be embodied in differentconfigurations, modified, and/or used for other applications. While theinventions have been described in conjunction with several specificembodiments, it is evident to those skilled in the art that many furtheralternatives, modifications, application, and variations will beapparent in light of the foregoing description. Thus, the inventionsdescribed herein are intended to embrace all such alternatives,modifications, applications and variations as may fall within the spiritand scope of the appended claims.

What is claimed is:
 1. An apparatus for securing access to a functionalelement of a device, the apparatus comprising: a cover system that issecurely attachable to or integral with a device comprising an enclosurewith an opening to access the functional element of the device, thecover system comprising: an access cover that is moveably configurableto: a block position to block access to the functional element by beingin a position in which at least a portion of the access cover blocksaccess to the functional element; and an open position to allow accessto the functional element by being in a position that does not blockaccess to the functional element; a switch for moving the access coverto the block position or to the open position; and a locking deviceopening for receiving a locking device that blocks the switch toprohibit the position of the access cover being changed when thelockable cover is locked on the device.
 2. The apparatus of claim 1wherein the cover system further comprising: an indicator that indicatesto a user when the access cover is blocking access to the functionalelement.
 3. The apparatus of claim 1 wherein the cover system furthercomprises: at least one feature to receive a mating feature on theaccess cover to define the block position, the open position, or bothfor the access cover; and the access cover comprising the matingfeature.
 4. The apparatus of claim 1 wherein the locking device is acable lock that covers the switch so that the switch cannot be accessedto change its position and also can assist in securing the device to astructure.
 5. The apparatus of claim 1 wherein the device has aplurality of functional elements and the cover system comprises, foreach functional element of a set of functional elements from theplurality of functional elements: an access cover that is moveablyconfigurable to: a block position to block access to the functionalelement by being in a position in which at least a portion of the accesscover blocks access to the functional element; and an open position toallow access to the functional element by being in a position that doesnot block access to the functional element; and a switch for moving theaccess cover to the block position or to the open position.
 6. Theapparatus of claim 5 wherein each access cover may be movedindependently of another access cover.
 7. The apparatus of claim 6wherein, for each access cover of at least some of the access covers inthe cover system, the cover system further comprises: an indicator thatindicates to a user when the access cover is blocking access to thefunctional element.
 8. The apparatus of claim 5 wherein the cover systemfurther comprises, for each of at least some of the access covers: atleast one feature to receive a mating feature on the access cover todefine the block position, the open position, or both for the accesscover; and the access cover comprising the mating feature.
 9. A tab-locksystem for providing access to an interface of a device, the tab-locksystem comprising: a tab-lock retainer comprising one or more mounts forfixedly attaching the tab-lock system to the device and an interfaceopening that correlates with a through-hole in an enclosure of thedevice to facilitate physical access to the interface; a tab-lock thatis moveable relative to the through-hole in the enclosure when thetab-lock system is fixedly attached to the device, the tab-lock beingmoveable to a secured position to obstruct access to the interface viathe through-hole and to an unsecured position to not obstruct access tothe interface via the through-hole; and a lock mounting featurecomprising an opening configured to receive a locking device such thatwhen the locking device is locked to the device, the tab-lock's positionis prohibited from being changed.
 10. The tab-lock system of claim 9wherein the tab-lock further comprises: a finger-tab attached to orintegrated with of the tab-lock to assist a user in moving the tab-lockinto either the secured position or the unsecured position.
 11. Thetab-lock system of claim 10 wherein: the tab-lock retainer furthercomprises one or more guides to provide a limitation in movement betweenthe tab-lock retainer and the tab-lock; and the tab-lock furthercomprises one or more mating guide features for mating with the one ormore guides in the tab-lock retainer.
 12. The tab-lock system of claim10 wherein: the tab-lock retainer further comprises one or more tab-lockretainer locators to provide one or more set locations for the tab-lock;and the tab-lock further comprises a tab-lock locator that is configuredto mate with a tab-lock retainer locator.
 13. The tab-lock system ofclaim 10 wherein the locking device is a lock that covers thefinger-lock and can assist in securing the device to a structure. 14.The tab-lock system of claim 9 wherein the tab-lock system furthercomprising: an indicator that indicates to a user when access to theinterface is blocked by the tab-lock.
 15. The tab-lock system of claim 9wherein the device has a plurality of interfaces and correspondingthrough-holes and the tab-lock system comprises, for each interface of aset of interfaces from the plurality of interfaces: a tab-lock that ismoveable relative to a through-hole in the enclosure when the tab-locksystem is fixedly attached to the device, the tab-lock being moveable toa secured position to obstruct access to the interface via thethrough-hole and to an unsecured position to not obstruct access to theinterface via the through-hole; and the tab-lock's position isprohibited from being changed when the locking device is locked to thedevice.
 16. The tab-lock system of claim 15 wherein each tab-lock isindependently moveable of another tab-lock.
 17. A method for producing adevice with securable access to a functional element in the device, themethod comprising: assembling a device comprising one or more functionalelements, and each functional element having an opening in an enclosurefor the device to facilitate access the functional element from outsidethe device; including with the device a cover system that providesselectable access to the functional element, the cover systemcomprising: an access cover that is moveably configurable to: a blockposition to block access to the functional element by being in aposition in which at least a portion of the access cover blocks accessto the functional element; and an open position to allow access to thefunctional element by being in a position that does not block access tothe functional element; and a locking device opening for receiving alocking device that prohibits the position of the access cover beingchanged when the lockable cover is locked on the device.
 18. The methodof claim 17 wherein the cover system further comprising: an indicatorthat indicates to a user when the access cover is blocking access to thefunctional element.
 19. The method of claim 17 wherein the cover systemfurther comprises: at least one feature to receive a mating feature onthe access cover to provide one or more set locations for the accesscover; and the access cover comprising the mating feature.
 20. Themethod of claim 17 wherein the cover system further comprises a switchfor moving the access cover to the block position or to the openposition and wherein the locking device is a cable lock that covers theswitch so that the switch cannot be accessed to change its position.